package com.auth.config;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * 资源服务器是默认情况下spring security oauth2的http配置
 * 会被WebSecurityConfigurerAdapter的配置覆盖
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    private static final Logger log = LoggerFactory.getLogger(ResourceServerConfiguration.class);

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        log.info("=====================^_^ start resources Safety certification  ^_^===================");
        // resourceId 用于分配给可授予的clientId
        // stateless  标记以指示在这些资源上仅允许基于令牌的身份验证
        //resources.resourceId("order").stateless(true);
        //resources.stateless(true);
        // authenticationEntryPoint  认证异常流程处理返回
        // tokenExtractor            token获取方式,默认BearerTokenExtractor
        // 从header获取token为空则从request.getParameter("access_token")
        // .authenticationEntryPoint(authenticationEntryPoint).tokenExtractor(unicomTokenExtractor);
        super.configure(resources);
    }

    /**
     * 是默认情况下spring security oauth2的http配置   会被WebSecurityConfigurerAdapter的配置覆盖
     *
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        log.info("------ResourceServerConfigurerAdapter 拦截------");

        http.
                antMatcher("/**").        //匹配需要资源认证路径
                csrf().disable()
                .exceptionHandling()
                .and()
                .authorizeRequests().
//                antMatchers("/swagger-ui.html", "/swagger-resources/**",
//                        "/v2/api-docs/**", "/validatorUrl", "/valid"
//                ).permitAll().            //匹配不需要资源认证路径
                anyRequest().authenticated()
                .and().
                        httpBasic();
    }

}
